We claim:

1. A computer-implemented method comprising:

at a network-address-translation (NAT) component, performing address translation at
the packet level of a stream of packets originating from a client and destined for a server,
the address translation redirecting the packets to a proxy component and masking a
source of the packets; and,

at the proxy component, performing filtering at a stream level of the stream of
packets, the proxy component transmitting the packets to the server.



2. The method of claim 1, further comprising:

at the proxy component, performing filtering at a stream level of a second stream of
packets originating from the server and ostensibly destined for the NAT component, the
proxy component transmitting the packets of the second stream to the NAT component;
and,

at the NAT component, performing address translation at a packet level of the second
stream of packets, the address translation redirecting the packets to the client.

3. The method of claim 1, further initially comprising, at a client, transmitting the
stream of packets to the NAT component, the NAT component specified as a gateway at
the client.

4. The method of claim 1, wherein the address translation redirects the packets to a
socket of the proxy component.

5. The method of claim 1, wherein the proxy component transmits the packets from a
socket thereof to the server.

6. A machine-readable medium having instructions stored thereon for execution by a
processor to perform a method comprising:

performing address translation at a packet level of a stream of packets originating
from a client and destined for a server via network-address-translation (NAT), the
address translation redirecting the packets to a first proxy socket and masking a source of
the packets; and,

performing filtering at a stream level of the stream of packets, the packets
subsequently transmitted from a second proxy socket to the server.




7. The medium of claim 6, the method further comprising:

performing filtering at a stream level of a second stream of packets originating from
the server and ultimately destined for the client, the packets received from the server at
the second proxy socket and subsequently transmitted from the first proxy socket; and,

performing address translating at a packet level of the second stream of packets, the
address translation redirecting the packets to the client.

8. A computerized system comprising:

a client;

a server with which the client communicates via a first stream of packets from the
client to the server and a second stream of packets from the server to the client; and,

a network-address-translation (NAT)/proxy device designed to perform address
translation at a packet level of the first and the second streams of packets, and to perform
filtering at a stream level of the first and the second streams of packets.

9. The system of claim 8, wherein the NAT/proxy device comprises:

a NAT component designed to perform address translation at a packet level of the
first and the second streams of packets; and,

a proxy component designed to perform filtering at a stream level of the first and the
second streams of packets.

10. The system of claim 9, wherein the NAT component is further designed to redirect
the packets of the first stream to the proxy component and mask a source of the packets.



11. The system of claim 9, wherein the NAT component is further designed to redirect
the packets of the second stream to the client.



12. The system of claim 9, wherein the proxy component is further designed to transmit
the packets of the first stream to the server.



13. The system of claim 9, wherein the proxy component is further designed to transmit
the packets of the second stream to the NAT component.



14. The system of claim 9, wherein the proxy component has a first socket at which to
receive the packets of the first stream from the NAT component and from which to send
the packets of the second stream to the NAT component, and a second socket at which to
receive the packets of the second stream from the server and from which to send the
packets of the first stream to the server.

15. A network-address-translation (NAT)/proxy device comprising:

first means for performing address translation at a packet level of a first stream of
packets from a client to a server and of a second stream of packets from the server to the
client; and,

second means for performing filtering at a stream level of the first and the second
streams of packets.






16. The device of claim 15, wherein the first means is further for redirecting the packets
of the first stream to the second means and for masking a source of the packets of the first
stream, and to redirect the packets of the second stream to the client.



17. The device of claim 15, wherein the second means is further for transmitting the
packets of the first stream to the server, and to transmit the packets of the second stream
to the first means.



18. The device of claim 15, wherein the second means has a first socket at which to
receive the packets of the first stream from the first means and from which to send the
packets of the second stream to the first means, and a second socket at which to receive
the packets of the second stream from the server and from which to send the packets of
the first stream to the server.
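
The division of labor in claims 1, 2 and 14, modeled in memory as an added example (not part of the patent text): the NAT step rewrites addresses per packet without reading payloads, while the proxy reassembles the stream before filtering, so a pattern split across two packets is still caught. The class names, addresses, blocked pattern, the proxy's lookup of the intended server in the NAT table, and the restoring of the server as source on the return path are assumptions of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple        # (ip, port)
    dst: tuple
    payload: bytes

class Nat:
    """Packet level: rewrites addresses only, never inspects payloads."""
    def __init__(self, ip, proxy_first):
        self.ip, self.proxy_first = ip, proxy_first
        self.flows = {}                  # masked source -> (client, server)

    def to_proxy(self, pkt):
        # Redirect to the proxy's first socket; mask the client as source.
        flow = (pkt.src, pkt.dst)
        masked = next((m for m, f in self.flows.items() if f == flow),
                      (self.ip, 40000 + len(self.flows)))
        self.flows[masked] = flow
        return Packet(masked, self.proxy_first, pkt.payload)

    def to_client(self, pkt):
        # Second stream: redirect to the client (assumption: server restored as source).
        client, server = self.flows[pkt.dst]
        return Packet(server, client, pkt.payload)

class Proxy:
    """Stream level: reassembles a flow's payloads, then filters."""
    def __init__(self, first, second, nat, blocked):
        self.first, self.second, self.nat, self.blocked = first, second, nat, blocked

    def relay(self, pkts, out_sock, dst):
        data = b"".join(p.payload for p in pkts)
        return None if self.blocked in data else Packet(out_sock, dst, data)

    def to_server(self, pkts):
        # Assumption: the proxy looks up the intended server in the NAT table.
        _, server = self.nat.flows[pkts[0].src]
        return self.relay(pkts, self.second, server)

    def to_nat(self, pkts, masked):
        return self.relay(pkts, self.first, masked)

def demo(chunks=(b"xxBLOCK", b"EDxx"), blocked=b"BLOCKED"):
    # Constructed addresses and payloads; the pattern straddles two packets.
    nat = Nat("192.168.0.1", ("192.168.0.1", 8080))
    proxy = Proxy(nat.proxy_first, ("192.168.0.1", 8081), nat, blocked)
    pkts = [nat.to_proxy(Packet(("192.168.0.10", 5555), ("203.0.113.5", 80), c)) for c in chunks]
    return any(blocked in p.payload for p in pkts), proxy.to_server(pkts)
```

`demo()` returns whether any single packet contained the pattern, followed by the packet the proxy sends from its second socket, or `None` when the reassembled stream is rejected.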